Is clevis using an attestation server or is it all on a single machine? I’m interested in getting this set up but the noted lack of batteries included for this in the common distros makes it a somewhat tall order.
- 0 Posts
- 5 Comments
Joined 2 years ago
Cake day: June 4th, 2023
Please share the script?
I’m really not sure. I’ve heard of people using Ceph across datacenters. Presumably that’s with a fast-ish connection, and it’s like joining separate clusters, so you’d likely need a local Ceph cluster at each site and then replicate between datacenters. Probably not what you’re looking for.
I’ve heard good things about Garage S3 and that it’s usable across the internet on slow-ish connections. Combined with JuiceFS, that is what I was looking at using before I landed on Ceph.
I know Ceph would work for this use case, but it’s not a lighthearted choice, kind of an investment and a steep learning curve (at least it was, and still is, for me).
How difficult is it for an adversary to get in the middle of the TPM releasing the keys to LUKS? That’s why I would want attestation of some sort, but that makes it more complicated and thinking about how that would work in practice makes my head spin…